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- The MAILING DATE of this communication appears on the cover sheet with the correspondence address -- 
Period for Reply 

A SHORTENED STATUTORY PERIOD FOR REPLY IS SET TO EXPIRE 3 MONTH(S) FROM 
THE MAILING DATE OF THIS COMMUNICATION. 

- Extensions of time may be available under the provisions of 37 CFR 1.136(a). In no event, however, may a reply be timely filed 
after SIX (6) MONTHS from the mailing date of this communication. 

- If the period for reply specified above is less than thirty (30) days, a reply within the statutory minimum of thirty (30) days will be considered timely. 

- If NO period for reply is specified above, the maximum statutory period will apply and will expire SIX (6) MONTHS from the mailing date of this communication. 

- Failure to reply within the set or extended period for reply will, by statute, cause the application to become ABANDONED (35 U.S.C. § 133). 

- Any reply received by the Office later than three months after the mailing date of this communication, even if timely filed, may reduce any 
earned patent term adjustment. See 37 CFR 1 .704(b). 

Status 

1 )M Responsive to communication(s) filed on 6/3/02 . 
2a)D This action is FINAL. 2b)£3 This action is non-final. 

3) D Since this application is in condition for allowance except for formal matters, prosecution as to the merits is 

closed in accordance with the practice under Ex parte Quayle, 1935 CD. 11, 453 O.G. 213. 
Disposition of Claims 

4) D Claim(s) is/are pending in the application. 

4a) Of the above claim(s) is/are withdrawn from consideration. 

5) D Claim(s) is/are allowed. 

6) IEI Claim(s) 1-16 is/are rejected. 

7) Q Claim(s) is/are objected to. 

8) Q Claim(s) are subject to restriction and/or election requirement. 

Application Papers 

9) ^ The specification is objected to by the Examiner. 

10) ^ The drawing(s) filed on Oct 14,1999 is/are: a)E3 accepted or b)Q objected to by the Examiner. 

Applicant may not request that any objection to the drawing(s) be held in abeyance. See 37 CFR 1 .85(a). 

11) D The proposed drawing correction filed on is: a)Q approved b)\Z\ disapproved by the Examiner. 

If approved, corrected drawings are required in reply to this Office action. 

12) D The oath or declaration is objected to by the Examiner. 
Priority under 35 U.S.C. §§119 and 120 

1 3) D Acknowledgment is made of a claim for foreign priority under 35 U.S.C. § 1 1 9(a)-(d) or (f). 

a>n All b)D Some*cO None of: 

1 .□ Certified copies of the priority documents have been received. 

2.Q Certified copies of the priority documents have been received in Application No. . 

3-D Copies of the certified copies of the priority documents have been received in this National Stage 
application from the International Bureau (PCT Rule 17.2(a)). 
* See the attached detailed Office action for a list of the certified copies not received. 

14) D Acknowledgment is made of a claim for domestic priority under 35 U.S.C. § 1 19(e) (to a provisional application). 

a) □ The translation of the foreign language provisional application has been received. 

15) D Acknowledgment is made of a claim for domestic priority under 35 U.S.C. §§ 120 and/or 121. 
Attachment(s) 

1) ^ Notice of References Cited (PTO-892) 4) □ Interview Summary (PTO-413) Paper No(s). 



2) O Notice of Draftsperson's Patent Drawing Review (PTO-948) 5) EH Notice of Informal Patent Application (PTO-152) 

3) [^Information Disclosure Statement(s) (PTO-1449) Paper No(s) . 6) □ Other: 

U.S. Patent and Trademark Office 

PTOL-326 (Rev. 04-01 ) Office Action Summary Part of Paper No. 8 
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DETAILED ACTION 

1 . Claims 1-16 have been examined. 

Specification 

2. This application does not contain an abstract of the disclosure as required by 37 
CFR 1.72(b). An abstract on a separate sheet is required. 

Claim Rejections - 35 USC § 102 

3. The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the 
basis for the rejections under this section made in this Office action: 

A person shall be entitled to a patent unless - 

(b) the invention was patented or described in a printed publication in this or a foreign country or in public use or on 
sale in this country, more than one year prior to the date of application for patent in the United States. 

4. Claims 1,2, 8, and 1 1 are rejected under 35 U.S.C. 102(b) as being anticipated by 
Duxbury U.S. Pat. No. 5347578 (hereinafter Duxbury). 

As per claims 1 and 2, Duxbury teaches a system for securing a server computer from 
unauthorized access, comprising an access engine for removing supervisor rights on the server 
computer (Duxbury: column 4 lines 20-29: remove the superuser status). The superuser is a nick- 
name for root. Therefore, removing the superuser also means to remove the root or root account. 
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Claim Rejections - 35 USC § 103 



5. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in 
section 102 of this title, if the differences between the subject matter sought to be patented and the prior art are 
such that the subject matter as a whole would have been obvious at the time the invention was made to a person 
having ordinary skill in the art to which said subject matter pertains. Patentability shall not be negatived by the 
manner in which the invention was made. 

6. Claims 1, 2, 8, and 11 are rejected under 35 U.S.C. 103(a) as being unpatentable over 
Boebert et al. U.S. Pat. No. 5864683 (hereinafter Boebert) in view of Duxbury. 

As per claim 1 and 8, Boebert teaches a system of securing a server computer from 
unauthorized access (Boebert: column 5 lines 47-67, column6 lines 1-14: protect a computer 
connected to an unsecured external network). Boebert does not explicitly teach the method of 
removing supervisor rights on the server computer. However, Duxbury teaches that limitation 
(Duxbury: column 4 lines 20-29: remove the superuser status). It would have been obvious to 
one having ordinary skill in the art to access the server computer by an administrator to change 
the security level of the server computer to restrict executing system commands. Therefore, since 
only superusers have the authority to execute system commands to manage the server, it would 
have been obvious to one having ordinary skill in the art at the time of applicant's invention to 
combine the teaching of Duxbury within the system of Boebert because remove the superuser 
status on the server computer disallow any write or execute command to be carried out. 

As per claim 2 and 11, superuser is a well-known nickname for root account. Removing 
the superuser status is same as removing root or root account. Same rationale applies here as 
above in rejecting claim 1. 
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7. Claim 3 and 4 are rejected under 35 U.S.C. 103(a) as being unpatentable over Boebert in 
view of Duxbury as applied to claim 1 above, and further in view of Boebert et al. U.S. Pat. No. 
5822435 (hereinafter Boebert2). 

As per claim 3, Boebert-Duxbury teaches a system for securing a server computer from 
unauthorized access. Boebert-Duxbury does not explicitly teach the method of removing 
supervisor rights from an external client computer. However, Boebert2 teaches the method of 
accessing the server from an unsecured computer (Boebert2: column 3 lines 19-23: ensure secure 
communication medium between a user working on an unsecure computer and a host computer). 
It would have been obvious to one having ordinary skill in the art to allow a user to access the 
server from a workstation that the user has easier access to by using different types of 
authentication method. Therefore, it would have been obvious to combine the teachings of 
Boebert, Duxbury, and Boebert2 to allow users with authority to remote login the server system 
from an external computer to manage the server or to lock the server without having to be at the 
server site. 

As per claim 4, Boebert-Duxbury-Boebert2 teaches a system in claim 3. Duxbury further 
teaches the access engine allows supervisor rights to be restored on the server computer 
(Duxbury: column 4 lines 20-30: allows the privilege to be reset when entering command shell). 
Since a user can be logged in remotely, the authorized user would be able to execute commands 
as disclosed by Duxbury. Therefore, it would have been obvious to one having ordinary skill in 
the art at the time of applicant's invention to combine the teachings of Boebert, Duxbury, and 
Boebert2 because the server needs to be restored so that managing tasks or supervising tasks can 
be performed again by administrator or authorized users. 
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8. Claims 5 and 6 are rejected under 35 U.S.C. 103(a) as being unpatentable over Boebert in 
view of Duxbury and in view of Boebert2 as applied to claim 3 above, and further in view of 
Pang et al. U.S. Pat. No. 6446204 (hereinafter Pang). 

As per claim 5 and 6, Boebert-Duxbury-Boebert2 teaches a system of securing a server 
computer from unauthorized access as described in claim 3. Boebert-Duxbury-Boebert2 does not 
explicitly teach authenticating user password and IP address before the external client computer 
can remove the supervisor rights. However, Pang teaches that limitation (Pang: column 1 lines 
53-58: authorization information typically contain user's name and a password, a particular IP 
address). The use of IP address and password of users to access a server is well known in the art. 
Therefore, it would have been obvious to one having ordinary skill in the art at the time of 
applicant's invention to combine the teachings of Boebert, Duxbury, Boebert2, and Pang because 
multiple authentication increase difficulty for unauthorized users to break into the system. 

9. Claim 7 is rejected under 35 U.S.C. 103(a) as being unpatentable over Duxbury as 
applied to claim 1 above, and further in view of Truong U.S. Pat. No. 6151609 (hereinafter 
Truong). 

As per claim 7, Duxbury teaches a system that removes supervisor rights on the server 
computer. Duxbury does not explicitly teach the computer system is a server computer that 
connects to an Internet. However, Truong teaches an Internet server that allows remote editing 
(Truong: column2 lines 42-51: tasks of system administrator; column 3 lines 12-60: a remote 
editor system). It would have been obvious to one having ordinary skill in the art at the time of 
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applicant's invention to combine the teaching of Truong within the system of Duxbury because it 
allows the system administrator to maintain and manage the server when the system 
administrator is not physically near the server computer. 

10. Claims 9 and 10 are rejected under 35 U.S.C. 103(a) as being unpatentable over Duxbury 
in view of Truong as applied to claim 8 above, and further in view of Wu et al. U.S. Pat. No. 
5774551 (hereinafter Wu). 

As per claim 9 and 10, Duxbury-Truong teaches a system for securing an Internet server 
from unauthorized access. Duxbury-Truong does not explicitly teach the use of IP address of 
trusted external computer to authenticate users. However, Wu teaches the method of 
authenticating IP address with a list and password supplied by the external client computer (Wu: 
column 13 lines 42-52: the authenticate user method tests the name or address of the remote 
computer against a list of trusted remote computers; column 15 lines 1-5: request and verify a 
user's password). Same rationale applies here as above in rejecting claims 5 and 6 above. 

1 1 . Claim 12 is rejected under 35 U.S.C. 103(a) as being unpatentable over Duxbury as 
applied to claims 1 and 8 above, and further in view of Boebert2. 

As per claim 12, Duxbury teaches a system for securing a server computer from 
unauthorized access. Duxbury does not explicitly teach the method of removing supervisor rights 
from an external client computer over an internet (Boebert2: column 3 lines 19-23: ensure secure 
communication medium between a user working on an unsecured computer and a host 
computer). Same rationale applies here as above in rejecting claim 3. 
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12. Claims 13 and 16 are rejected under 35 U.S.C. 103(a) as being unpatentable over 
Theimer U.S. Pat. No. 5649099 (hereinafter Theimer) in view of Duxbury, and further in view of 
Boebert2. 

As per claim 13, Theimer teaches a computer-readable medium comprising program 
instructions for securing a server computer from unauthorized access (Theimer: column 137 lines 
12-21 : access control program). Theimer does not explicitly teach the method of removing 
supervisor rights on the server. However, Duxbury teaches the method of removing supervisor 
rights on the server (Duxbury: column 4 lines 20-29: remove the superuser status). Same 
rationale applies here as above in rejecting claim 1. Theimer-Duxbury does not explicitly teach 
the method of removing supervisor rights on the server computer from an external client 
computer and allow access to applications on the server computer. However, Boebert teaches the 
limitation (Boebert2: column 3 lines 19-23: ensure secure communication medium between a 
user working on an unsecure computer and a host computer). Same rationale applies here as 
above in rejecting claim 3. 

As per claim 16, Duxbury further teaches removing supervisor rights includes removing a 
root from the server computer. Same rationale applies here as above in rejecting claim 1. 

13. Claim 14 and 15 are rejected under 35 U.S.C. 103(a) as being unpatentable over Theimer 
in view of Duxbury and in view of Boebert2 as applied to claim 13 above, and further in view of 
Wu. 
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As per claim 13, Theimer-Duxbury-Boebert2 teaches a computer-readable medium 
comprising program instructions for securing a server computer from unauthorized access. 
Theimer-Duxbury-Boebert2 does not explicitly teach the method of authenticating users with a 
list of trusted addresses and password provided by the external client computer before being able 
to remove supervisor rights. However, Wu teaches that limitation (Wu: column 13 lines 42-52: 
the authenticate user method tests the name or address of the remote computer against a list of 
trusted remote computers; column 15 lines 1-5: request and verify a user's password). Same 
rationale applies here as above in rejecting claims 5 and 6 above. 

Conclusion 

14. The prior art made of record and not relied upon is considered pertinent to applicant's 
disclosure. 

Dockter et al. U.S. Pat. No. 6295605 discloses method and apparatus for multi-level 
security evaluation. 

Diamant et al. U.S. Pat. No. 6268789 discloses information security method and 
apparatus. 

Glasser et al. U.S. Pat. No. 6061684 discloses method and system for controlling user 
access to a resource in a networked computing environment. 

Subramaniam et al. U.S. Pat. No. 6081900 discloses secure Intranet access. 

McChesney et al. U.S. Pat. No. 5857102 discloses system and method for determining 
and manipulating configuration information of servers in a distributed object environment. 
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Scouras et al. U.S. Pat. No. 6473786 discloses data acquisition and remote administration 

system. 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Shin-Hon Chen whose telephone number is (703) 305-8654. The 
examiner can normally be reached on Monday through Friday 8:00am to 4:30pm. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Ayaz Sheikh can be reached on (703) 305-9648. The fax phone number for the 
organization where this application or proceeding is assigned is (703) 872-9306. 

Any inquiry of a general nature or relating to the status of this application or proceeding 
should be directed to the receptionist whose telephone number is (703) 305-3900. 



Shin-Hon Chen 
Examiner 
Art Unit 2131 
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